You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandeep More (Jira)" <ji...@apache.org> on 2020/12/22 11:31:00 UTC
[jira] [Commented] (KNOX-2517) Encounter error when start knox
gateway(Caused by: java.io.IOException: DNSName components must begin with
a letter)
[ https://issues.apache.org/jira/browse/KNOX-2517?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17253421#comment-17253421 ]
Sandeep More commented on KNOX-2517:
------------------------------------
This looks like an issue with your dns name. What DNS name are your using (e.g. -ext san=dns:myname.example.com)?
Looks like it might not be in a format specified by [RFC 1034|https://www.ietf.org/rfc/rfc1034.txt]
Excerpt from the RFC:
The preferred name syntax is:
{code}
<domain> ::= <subdomain> | " "
<subdomain> ::= <label> | <subdomain> "." <label>
<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
<let-dig-hyp> ::= <let-dig> | "-"
<let-dig> ::= <letter> | <digit>
<letter> ::= any one of the 52 alphabetic characters A through Z in
upper case and a through z in lower case
<digit> ::= any one of the ten digits 0 through 9
{code}
> Encounter error when start knox gateway(Caused by: java.io.IOException: DNSName components must begin with a letter)
> --------------------------------------------------------------------------------------------------------------------
>
> Key: KNOX-2517
> URL: https://issues.apache.org/jira/browse/KNOX-2517
> Project: Apache Knox
> Issue Type: Bug
> Affects Versions: 1.5.0
> Environment: Centos 7
> java version "1.8.0_40"
> Java(TM) SE Runtime Environment (build 1.8.0_40-b25)
> Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)
> Reporter: ζθΏι
> Priority: Major
> Fix For: 1.5.0
>
>
> {code:java}
> // code placeholder
> LDAP is already running with PID 14282.
> [liyuanfeng@hdp26 knox-1.5.0]$ bin/knoxcli.sh create-master
> ***************************************************************************************************
> You have indicated that you would like to persist the master secret for this service instance.
> Be aware that this is less secure than manually entering the secret on startup.
> The persisted file will be encrypted and primarily protected through OS permissions.
> ***************************************************************************************************
> Enter master secret:
> Enter master secret again:
> Master secret has been persisted to disk.
> [liyuanfeng@hdp26 knox-1.5.0]$ bin/gateway.sh start
> Starting Gateway failed.
> [liyuanfeng@hdp26 knox-1.5.0]$ vim logs/gateway.log
> 2020-12-22 16:18:42,924 INFO knox.gateway (RemoteAliasService.java:init(277)) - Remote Alias Service enabled
> 2020-12-22 16:18:42,926 WARN knox.gateway (ZookeeperRemoteAliasService.java:init(367)) - There is no registry client defined for remote configuration monitoring.
> 2020-12-22 16:18:42,930 INFO knox.gateway (JettySSLService.java:init(64)) - Creating credential store for the gateway instance.
> 2020-12-22 16:18:42,951 INFO knox.gateway (JettySSLService.java:init(80)) - Creating keystore for the gateway instance.
> 2020-12-22 16:18:44,033 ERROR knox.gateway (X509CertificateUtil.java:generateCertificate(266)) - Error in generating certificate: java.lang.reflect.InvocationTargetException
> java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
> at org.apache.knox.gateway.util.X509CertificateUtil.generateCertificate(X509CertificateUtil.java:187)
> at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:202)
> at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:182)
> at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:176)
> at org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
> at org.apache.knox.gateway.services.GatewayServiceFactory.create(GatewayServiceFactory.java:48)
> at org.apache.knox.gateway.services.GatewayServiceFactory.create(GatewayServiceFactory.java:33)
> at org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:59)
> at org.apache.knox.gateway.GatewayServer.main(GatewayServer.java:175)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at org.apache.knox.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:68)
> at org.apache.knox.gateway.launcher.Invoker.invoke(Invoker.java:39)
> at org.apache.knox.gateway.launcher.Command.run(Command.java:99)
> at org.apache.knox.gateway.launcher.Launcher.run(Launcher.java:75)
> at org.apache.knox.gateway.launcher.Launcher.main(Launcher.java:52)
> Caused by: java.io.IOException: DNSName components must begin with a letter
> at sun.security.x509.DNSName.<init>(DNSName.java:94)
> ... 22 more
> 2020-12-22 16:18:44,039 FATAL knox.gateway (GatewayServer.java:main(184)) - Failed to start gateway: java.lang.NullPointerException
> java.lang.NullPointerException
> at sun.security.provider.JavaKeyStore.engineStore(JavaKeyStore.java:569)
> at sun.security.provider.JavaKeyStore$JKS.engineStore(JavaKeyStore.java:55)
> at java.security.KeyStore.store(KeyStore.java:1377)
> at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.writeKeyStoreToFile(DefaultKeystoreService.java:573)
> at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addCertForGateway(DefaultKeystoreService.java:210)
> at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:182)
> at org.apache.knox.gateway.services.security.impl.DefaultKeystoreService.addSelfSignedCertForGateway(DefaultKeystoreService.java:176)
> at org.apache.knox.gateway.services.security.impl.JettySSLService.init(JettySSLService.java:88)
> at org.apache.knox.gateway.services.GatewayServiceFactory.create(GatewayServiceFactory.java:48)
> at org.apache.knox.gateway.services.GatewayServiceFactory.create(GatewayServiceFactory.java:33)
> at org.apache.knox.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:59)
> at org.apache.knox.gateway.GatewayServer.main(GatewayServer.java:175)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at org.apache.knox.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:68)
> at org.apache.knox.gateway.launcher.Invoker.invoke(Invoker.java:39)
> at org.apache.knox.gateway.launcher.Command.run(Command.java:99)
> at org.apache.knox.gateway.launcher.Launcher.run(Launcher.java:75)
> at org.apache.knox.gateway.launcher.Launcher.main(Launcher.java:52)
>
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)